McClure CPNI Manual.pdf

8/20/2019 McClure CPNI Manual.pdf

1/58

This manual and its contents are for the internal use only of the telephone company above and should not be

redistributed without the consent of the Vantage Point Solutions.

McClure Services LLC

CUSTOMER PROPRIETARY

NETWORK INFORMATION

(CPNI) MANUAL

Adopted: September 17, 2015

Created and Prepared by:


2/58

2-Cover Sheet MS.doc Released: September 4, 2015

Prepared by Vantage Point Solutions – For Internal Company Use Only


CUSTOMER PROPRIETARY NETWORK

INFORMATION (CPNI) MANUAL

(For McClure Services, LLC Internal Use Only)

This manual was developed by Vantage Point Solutions, Inc.(VPS), based on the Federal Communications Commission (FCC)

rules adopted on March 13, 2007, and the associated Order

released on April 2, 2007. These rules took effect is on

December 8, 2007.

Please contact VPS with any questions or concerns:

Wendy Harper, Senior Financial Analyst: (605) [email protected]

JoAnn Hohrman, Senior Financial Analyst: (605) 995-1764

[email protected]

Doug Eidahl, VP of Regulatory & Legal: (605) 995-1750

[email protected]

mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]


3/58

3-TOC MS.doc Page 1 of 2 Released: September 4, 2015


MCCLURE SERVICES LLC

CPNI MANUAL

Table of Contents

Section

Executive Summary ......................................................................................1

CPNI Background .........................................................................................2

Definitions ......................................................................................................3

CPNI Responsibilities ....................................................................................4Company Responsibilities .................................................................... 4.1

CPNI Compliance Officer Responsibilities ....................................... 4.2

Employee Responsibilities .................................................................... 4.3

CPNI Disciplinary Procedures .....................................................................5

Authorized Account Contacts .......................................................................6

Customer Authentication Procedures .........................................................7

Password Protection Procedures .................................................................8

On-line Account Access Requirements .......................................................9

Account Change/Activity Notification ..................................................... 10

Business Customer Exemption ................................................................. 11

Reporting Procedures ................................................................................. 12

Opt-In & Opt-Out Approval Requirements ............................................ 13

Frequently Asked Questions ...................................................................... 14


4/58

3-TOC MS.doc Page 2 of 2 Released: September 4, 2015


Marketing Opportunities .......................................................................... 15

SAMPLE Customer Memo & Forms1 ..................................................... 16

Customer Notice Memo ...................................................................... 16.1

Authorized Account Contacts............................................................ 16.2Password Set Up ................................................................................. 16.3

Opt-In Notice ....................................................................................... 16.4

Opt-Out Notice .................................................................................... 16.5

Notice of Change/Activity .................................................................. 16.6

Certifications ............................................................................................... 17

CPNI Compliance Officer .................................................................. 17.1

Employee Acknowledgement of CPNI Compliance ........................ 17.2Sample Annual Certification Letter ................................................. 17.3

Appendices .................................................................................................. 18

Appendix A - Section 222 of the 1996 Telecom Act

Appendix B - FCC Title 47 CPNI Rules:

§ 64.2003 (Definitions)

§ 64.2005 (Use of CPNI without Customer Approval)

§ 64.2007 (Approval Required for Use of CPNI)

§ 64.2008 (Notice Required for Use of CPNI)§ 64.2009 (Safeguards Required for Use of CPNI)

§ 64.2010 (Safeguards of the Disclosure of CPNI)

§ 64.2011 (Notification of CPNI Security Breaches)

Appendix C - FCC Rule Amendments:

FCC 1st Report & Order, Executive Summary, April 2, 2007

Appendix B of the FCC 1st Report & Order, April 2, 2007

1 All forms should be discussed with the Company’s billing software vendor for tracking capabilities within

its system and non-duplication of any automated forms the software may generate. These are SAMPLES

of what may be used, however similar forms may exist within the software. The Company should work

closely with its vendor regarding the way the Company chooses to implement CPNI procedures.


5/58

Section1-ExecSumm MS.doc Page 1 of 2 Released: September 4, 2015



CPNI MANUAL

Executive Summary

Federal Communication Commission (FCC) Customer Proprietary Network Information

(CPNI) rules require that MCCLURE SERVICES LLC (“Company”) and its employeesmust take reasonable measures to discover and protect CPNI.

CPNI is information that is obtained due to the carrier-customer relationship and is not public knowledge. CPNI includes call detail and non-call detail. CPNI call detail

information examples include, but are not limited to, information such as the calling

number, called number, and the length of time for a call. Non-call detail information is

account information contained in the bills to a customer pertaining to local exchangeand/or toll services, such as calling features, calling plan subscribed to, dollar amounts,

etc.

The Company must train its personnel as to when they are and are not authorized to use

or distribute CPNI, and the Company must have an express disciplinary process in place

to be used in the event that a CPNI breach occurs.

The Company must have an officer sign a compliance certificate on an annual basis (due

March 1st of each year for the prior year), which includes an explanation of any actionstaken against data brokers, as well as a summary of all consumer complaints received in

the previous year regarding the unauthorized release of CPNI.

In addition, the Company must establish a supervisory review process regarding carrier

compliance for outbound marketing situations and must also maintain records of carrier

compliance. Specifically, sales personnel must obtain supervisory approval by the CPNI

Compliance Officer of any proposed outbound marketing request for customer approval.

The Company is required to notify both law enforcement and customers in the event of a

CPNI breach within seven days of the discovered breach; however law enforcement must be notified seven days before the customer is notified or longer if law enforcement

requests a delay in notifying the customer.

The Company prohibits its employees from releasing call detail information to customers

during customer-initiated telephone contact, except when the authorized customer

provides a password. Further, if the authorized customer does not provide a pre-

established password, the FCC prohibits the release of call detail information except bysending the information to an address of record, or by calling the customer at the

telephone number of record. As an alternative, the customer may come into the office

and show valid, government-issued photo identification in order to be authenticated.


6/58

Section1-ExecSumm MS.doc Page 2 of 2 Released: September 4, 2015


The Company also requires password protection for any online account access. All

account information accessed online must have a password input before obtaining accessto any of the account information. (Note: Password, whether for call detail or online

access, must not be based on readily available historical information such as a social

security number, mother’s maiden name, etc.)

The Company is required to notify the customer immediately when a password, customer

response to a security question is utilized for the authentication for lost or forgotten

passwords, online account, or address of record is created or changed. This notificationmust be generic and not state the specifics of the change or activity. For example if the

address of record was changed, the Company must not provide the new address, but only

state the address was changed.

The Company must obtain opt-in consent from a customer before disclosing a customer’s

CPNI to a joint venture partner, independent contractor, or a third party for the purpose of

marketing communications-related services to that customer.

For business customers, if the Company has established a dedicated account

representative for a particular business customer and the Company has a contractualagreement with that business customer that specifically addresses the carrier’s protection

of CPNI, then the contract CPNI requirements shall replace the FCC CPNI requirements

contained in this manual.

The opt-out and opt-in approval requirements must be followed for marketing related

services to the customer or for distribution to Company affiliates or third parties.

When customer approval of CPNI use is necessary, it may be obtained through written,

oral, or electronic methods. The Company must maintain records of approval, whetheroral, written, or electronic. The Company must implement a system by which the status

of a customer’s CPNI approval can be clearly established prior to the use of CPNI.

The company must provide notification to the customer of the customer’s right to restrictuse of, disclosure of, and access to that customer’s CPNI. The company must maintain

records of notification.


7/58

Section2-CPNI Background MS.doc Page 1 of 3 Released: September 4, 2015


MCCLURE SERVICES LLCCPNI MANUAL

CPNI Background

CPNI Definition

CPNI is defined as “(A) information that relates to the quantity, technical configuration,type, destination, location, and amount of use of a telecommunications service subscribed

to by any customer of a telecommunications carrier, and that is made available to the

carrier by the customer solely by virtue of the carrier-customer relationship; and (B)information contained in the bills pertaining to telephone exchange service or telephone

toll service received by a customer of a carrier.”1

Practically speaking, CPNI includes information such as the phone numbers called by a

consumer; the frequency, duration, and timing of such calls; and any services purchased by the consumer, such as call waiting. CPNI, therefore, includes some highly-sensitive

personal information.

Section 222 of the Telecom Act of 1996

In the Telecom Act, Congress created a framework to govern telecommunications

carriers’ protection and use of information obtained by virtue of providing atelecommunications service. The Section 222 framework calibrates the protection of

such information from disclosure based on the sensitivity of the information. It places

fewer restrictions on the dissemination of information that is not highly sensitive and oninformation that the customer authorizes to be released, than on the dissemination of

more sensitive information the carrier has gathered about particular customers. Congress

has accorded CPNI the greatest level of protection under the framework of Section 222.

Section 222 reflects the balance Congress sought to achieve between giving each

customer ready access to his or her own CPNI, and protecting customers from

unauthorized use or disclosure of CPNI. Every telecommunications carrier has a generalduty, pursuant to Section 222(a), to protect the confidentiality of CPNI. In addition,

Section 222(c)(1) provides that a carrier may only use, disclose, or permit access to

customers’ CPNI in limited circumstances:(1) as required by law;2

(2) with the customer’s approval; or

1 47 U.S.C. § 222(h)(1)2 See, e.g., Implementation of the Telecommunications Act of 1996: Telecommunications carriers’ Use of

Customer Proprietary Network Information and Other Customer Information, CC Docket No. 96-115,

Declaratory Ruling, 21 FCC Rcd 9990 (2006) (clarifying that Section 222 does not prevent a

telecommunications carrier from complying with the obligation in 42 U.S.C. § 13032 to report violations of

specific federal statutes relating to child pornography).


8/58



(3) in its provision of the telecommunications service from which such

information is derived, or services necessary to, or used in the provision of,

such telecommunications service.

Section 222 also guarantees that customers have a right to obtain access to, and compel

disclosure of, their own CPNI.

CPNI Order of 1998

In 1998, the Federal Communications Commission (FCC or Commission) released theCPNI Order in which it adopted a set of rules implementing Section 222. In this Order,the Commission outlined the extent to which Section 222 permits carriers to use CPNI to

render the telecommunications service from which the CPNI was derived. Beyond such

use, the Commission’s rules require carriers to obtain a customer’s knowing consent before using or disclosing CPNI. Under these rules, telecommunications carriers must

receive Opt-Out consent before disclosing CPNI to joint venture partners and

independent contractors for the purposes of marketing communications-related services

to customers. In addition, the Commission also adopted a set of rules designed to ensure

that telecommunications carriers establish effective safeguards to protect againstunauthorized use or disclosure of CPNI. Among these safeguards are rules that:

• require carriers to design their customer service records in such a way that the

status of a customer’s CPNI approval can be clearly established;

• require telecommunications carriers to train their personnel as to when theyare and are not authorized to use CPNI;

• require carriers to have an express disciplinary process in place;

• require carriers to maintain records that track access to customer CPNI

records and to maintain such records for a period of at least one year;

• require the establishment of a supervisory review process for outbound

marketing campaigns; and

•

require each carrier to certify annually regarding its compliance with thecarrier’s CPNI requirements and to make this certification publicly available.

Temporary Opt-Out Clarification - 2001

In a 2001 clarification to the above Order, the FCC permitted carriers to rely on Opt-Out

measures for customer approval of using their CPNI for marketing.

Opt-In Requirement - 2002

In 2002, the FCC then issued rules requiring Opt-In measures for customer approval for

carriers’ release of CPNI to Third Parties; however, Opt-Out provisions were allowed for

the release of CPNI to Affiliated Parties.

EPIC Petition - 2005

In 2005, Electronic Privacy Information Center (EPIC) filed a petition with theCommission asking the Commission to investigate telecommunications carriers’ current

security practices and to initiate a rulemaking proceeding to consider establishing more


9/58



stringent security standards for telecommunications carriers to govern the disclosure of

CPNI. In particular, EPIC proposed that the Commission consider requiring the use of

consumer-set passwords, creating audit trails, employing encryption, limiting dataretention, and improving notice procedures.

CPNI Report and Order of 2007

In April 2007, the FCC released its Report and Order and Further Notice of ProposedRulemaking regarding Telecommunications Carriers’ Use of CPNI and Other Customer

Information, on which this manual is based. The manual will be updated when

necessary.

CPNI Summary

Since the CPNI Order of 1998, telecommunications carriers have sued many people

whom they accuse of fraudulently obtaining phone records. These people are referred toas “pretexters”. Pretexting is a practice where an individual impersonates another person and employs false pretenses, or otherwise uses trickery to obtain records. For

example, in one of the cases filed by Cingular, Cingular stated that the defendant pretexter posed as an employee of Cingular and as a customer of Cingular in order to

induce Cingular’s customer service representatives to provide them with the call records

of a targeted customer.

In addition to individual pretexters, data brokers are businesses that operate (often via awebsite) by offering phone records as well as other personal information for a fee. The

data brokers retrieve the personal information through pretexting. Numerous complaintshave been filed with the Federal Trade Commission (FTC) against data brokers.

Additionally, numerous states have sued data brokers for pretexting phone records.

However, the data brokers have generally responded that there is no law prohibiting themfrom selling phone records.

However, recently several telecommunications carriers have been fined for failing tosafeguard customer information and complying with FCC CPNI regulations. Evensmall carriers have been given hefty fines in the range of $100,000.


10/58

Section3-Definitions MS.doc Page 1 of 3 Released: September 4, 2015



CPNI MANUAL

CPNI-Related Terms and Definitions

Address of Record

Either postal or electronic (email) that the carrier has associated with the customer’saccount for at least 30 days.

Affiliate

A person that (directly or indirectly) owns or controls, is owned or controlled by, or is

under common ownership or control with, another person. For purposes of this

paragraph, the term “own” means to own an equity interest (or the equivalent thereof) of

more than 10 percent.

Breach

When a person, without authorization or exceeding authorization, has intentionallygained access to, used, or disclosed CPNI.

Call Detail Information

Any information that pertains to the inbound and/or outbound calls. For example,

telephone records containing date, time, calling number, called number, length of call,

etc. This information is considered CPNI and requires the highest level of privacy,according to the current FCC rules.

CustomerA person or entity to which the telecommunications carrier is currently providing

services.

Communications-related Services

Telecommunications services, information services typically provided by

telecommunications carriers, and services related to the provision or maintenance of

customer premises equipment.

Customer Authentication

By using not-readily available biographical information, the customer’s identity isconfirmed.


11/58



Customer Proprietary Network Information (CPNI)

Defined as “(A) information that relates to the quantity, technical configuration, type,destination, location, and amount of use of a telecommunications service subscribed to by

any customer of a telecommunications carrier, and that is made available to the carrier by

the customer solely by virtue of the carrier-customer relationship; and (B) informationcontained in the bills pertaining to telephone exchange service or telephone toll service

received by a customer of a carrier.”1

Practically speaking, CPNI includes information such as the phone numbers called by aconsumer; the frequency, duration, and timing of such calls; and any services purchased

by the consumer, such as calling features like call waiting or voicemail. CPNI, therefore,

includes some highly-sensitive personal information.

Data Brokers

Businesses that operate (often via a website) by offering phone records as well as other

personal information for a fee. The data brokers retrieve the personal informationthrough pretexting.

Existing Customer Relationship

Based on the provisioning of services requested by the customer that establishes a

business relationship between a company and its customer.

Independent Contractor

Third party company which the telephone company engages in business.

Information Service

Information services typically provided by telecommunications carriers, such as Internet

access or voice mail services. Information services in this paragraph do not include retailconsumer services provided using Internet websites (such as travel reservation services or

mortgage lending services), whether or not such services may otherwise be considered to

be information services.

Interconnected Voice Over Internet Protocol

A service that: (1) enables real-time, two-way voice communications; (2) requires a

broadband connection from the user’s location; (3) requires Internet protocol-compatiblecustomer premises equipment; and (4) permits users generally to receive calls that

originate on the public switched telephone network and to terminate calls to the public

switched telephone network.

Joint-Venture Partner

Another business in which the telephone company may be invested in ownership.

1 47 U.S.C. § 222(h)(1)


12/58



Pretexting

Practice where an individual impersonates another person and employs false pretenses, orotherwise uses trickery to obtain records.

Readily Available Biographic InformationInformation that is created from the customer’s life history (i.e. social security number or

last four digits, home address, mother’s maiden name, date of birth).

Section 222

Requires carriers to protect CPNI as part of the Telecommunications Act of 1996.

Telephone Number of Record

The telephone number associated with the underlying service and can not be a supplied

number as the customer’s “contact information”.

Valid Photo IDGovernment-issued unexpired personal identification with a photograph (i.e. driver’s

license or passport).


13/58

Section4.1-CompanyRespons. MS.doc Page 1 of 1 Released: September 4, 2015



CPNI MANUAL

Company Responsibilities

MCCLURE SERVICES LLC (MCCLURE ) has outlined the followingresponsibilities for CPNI compliance based upon the FCC rules:

Create a CPNI Manual. A CPNI manual has been created for all employees of the

company to read, understand, and abide by for CPNI compliance. The CPNI manual

should be adopted by the Board of Directors.

Employee Acknowledgement and Disciplinary Actions. After employees have

received training on the CPNI rules and regulations, each MCCLURE employee

should sign the Employee Acknowledgement of CPNI Compliance Certification andunderstand the disciplinary actions for unauthorized release of CPNI.

Designate a CPNI Compliance Officer (CPNI CO). A CPNI CO will be assigned

to overlook all MCCLURE CPNI compliance of the FCC rules. This CPNI CO will

sign the CPNI Compliance Certification Form after reading and thoroughly

understanding the CPNI manual. The CPNI CO duties are detailed in the Compliance

Officer Responsibilities section of this CPNI manual. See Section 5 for MCCLURE

’s duties as assigned to the CPNI CO.

Network Security. MCCLURE is responsible for the safeguarding of CPNI when it

is stored in a database. Encryption is not required by the FCC; however, safeguardmeasures must be taken to protect the stored CPNI information.

Note: The FCC stressed its expectation that carriers will take affirmative measuresto discover and protect against activity that is indicative of pretexting beyond what

is required by the FCC’s current rules, and reminded carriers that the Telecom Act

imposes on them the duty of instituting effective measures to protect the privacy ofCPNI.1

1 Federal Communications Commission, First Report and Order Regarding Telecommunications

Carriers’ Use of Customer Proprietary Network Information and Other Customer Information, CC

Docket No. 96-115 and WC Docket No. 04-36, released April 2, 2007. (Page 21, #35)


14/58

Section4.2-CORespons. MS.doc Page 1 of 2 Released: September 4, 2015



CPNI MANUAL

Compliance Officer Responsibilities

MCCLURE SERVICES LLC (MCCLURE) has designated the following employee

as the CPNI Compliance Officer (CPNI CO):

____________________ (Mary Claire Cartwright)_

_________________________

CPNI CO responsibilities have been added to the designated employee’s job

responsibilities and duties. The CPNI CO responsibilities include:

Annual Compliance Certification Filing. MCCLURE CPNI Compliance Officer

will act as an agent of MCCLURE in certifying compliance with the FCC rules on anannual basis, stating that he/she has personal knowledge that the company has

established operating procedures that are adequate to ensure compliance with theFCC’s CPNI rules. The CPNI CO will be required to make this filing annually with

the Enforcement Bureau on or before March 1st of each year for previous year’s data.

Company’s Main CPNI Point of Contact. The CPNI CO will be the company’s

main point of contact for employees, customers, and other parties.

Maintenance and Security of CPNI. The CPNI CO is responsible for ensuring

proper maintenance and security of the CPNI files.

Track CPNI Complaints. CPNI CO must track all customer complaints regarding

the unauthorized release of CPNI and include a summary of all those complaints that

were received during the past year in the annual certification filing.

Track Actions Taken Against Data Brokers. This summary needs to be included

in the annual certification filing with the FCC.

Track CPNI Breaches. CPNI CO must track all CPNI breaches and actions taken

against data brokers and maintain the records for a minimum period of 2 years.

Notification of Unauthorized Disclosure of CPNI. CPNI CO must notify lawenforcement within seven days of a suspected CPNI breach and then notify the

customer within seven days after notification to law enforcement. However, if law

enforcement requests additional time before notifying the customer the CPNI COmust keep record of such instructions from the law enforcement.


15/58

Section4.2-CORespons. MS.doc Page 2 of 2 Released: September 4, 2015


Review Company Marketing Procedures. CPNI CO must review CPNI

compliance in company marketing procedures by ensuring the appropriate Opt-Out

and Opt-In approval requirements are met. Keep details of all marketing campaignsutilizing CPNI.

Review and Document Company CPNI Use. CPNI CO must review and document

all company use of CPNI ensuring proper utilization.

Train Employees on CPNI Requirements and Procedures. CPNI CO will be

responsible for training all company employees on CPNI requirements mandated by

the FCC and the company procedures.

Ensure Employees are CPNI Certified. CPNI CO will be responsible for ensuringcompany employees have certified their knowledge of the company’s CPNI

requirements.

Ensure Customer Notification of Account Changes/Activity. CPNI CO will be

responsible for ensuring customers have been notified of qualifying account changes

and/or account activity with in 48 hours of such change/activity.

Ensure Company Measures of CPNI Protection. CPNI CO will ensure company

has established and utilizes sufficient measures to discover and protect against

pretexting and unauthorized disclosure of CPNI. CPNI CO will also establish andimplement additional steps beyond the FCC rules to protect the privacy of CPNI to

the extent such measures are feasible.

Designate Assistant CPNI CO. The CPNI CO will designate an assistant CPNI CO

to help with the overseeing of CPNI compliance and will step in for the absence of

the CPNI CO.


16/58

Section4.3-EmployeeRespons. MS.doc Page 1 of 1 Released: September 4, 2015



CPNI MANUAL

Employee Responsibilities Regarding CPNI

MCCLURE SERVICES LLC Employee CPNI responsibilities include:

Assist CPNI Compliance Officer (CPNI CO) in ensuring maintenance and security of

the Company’s CPNI files.

Notify CPNI CO of any CPNI-related complaints from customers.

Notify CPNI CO of any breaches of CPNI rules.

Review and follow CPNI requirements and procedures and sign Employee

Acknowledgement of CPNI Compliance Certification.

Assist in ensuring that customers are notified immediately of any account changes or

activity.

Notify CPNI CO of any CPNI violations.

Assist in ensuring that sufficient measures are used to discover and protect against pretexting and unauthorized disclosures of CPNI.

Must authenticate customers before discussing non-call detail CPNI with a customer.

Must require the associated account password be supplied by the authorized account

customer before providing call detail to the customer. Or the other three means of

call detail release approved by the FCC may be utilized: Call back customer attelephone of record, mail to address of record, or have customer come in with valid

government-issued photo ID.


17/58

Section5-DisciplinaryProc. MS.doc Page 1 of 1 Released: September 4, 2015

Prepared by Vantage Point Solution – For Internal Company Use Only


CPNI MANUAL

Disciplinary Procedures Relating to

Violations of CPNI Protection

MCCLURE SERVICES LLC (MCCLURE) has established the

following disciplinary procedures for CPNI violations and CPNI

breaches, whether intentional or unintentional. All employees of our

company are subject to the following disciplinary actions for CPNI

violations and CPNI breaches:

CPNI Violations include but are not limit to discussing products or services with a

customer outside the existing service relationship without the customer’s permissionand/or engaging in marketing efforts without observing the opt-out and opt-in approval

requirements.

Disciplinary Action for CPNI Violations: A first-time violation requires the employeeto re-read the CPNI manual and be re-trained on CPNI rules and procedures. Additional

violations may result in reassignment, suspension, and/or termination, based on the

seriousness and frequency of the CPNI violation(s).

CPNI Breaches occur when an employee acts without customer authority to intentionally

use, share, or disclose CPNI. Examples include distributing or selling CPNI to third

parties, or any action that harms the customer or the Company with the release of CPNI.

Disciplinary Action for CPNI Breaches: Depending on the occurrence and severity ofthe breach, the disciplinary action for a CPNI breach may result in retraining,

reassignment, suspension, and termination.

Note: MCCLURE SERVICES LLC has the right to handle the disciplinary actions

regarding CPNI violations and CPNI breaches as the Company sees fit for the type of

violation or breach in regards to frequency and severity of the violation or breach

occurrence. CPNI is a confidential matter in our office and we expect employees to

take all necessary steps in order to protect our customer’s privacy.


18/58

Section6-AACs MS.doc Page 1 of 1 Released: September 4, 2015



CPNI MANUAL

Authorized Account Contacts

Authorized Account Contact

Employees may only discuss and/or provide CPNI information to an AuthorizedAccount Contact (AAC) for that particular account being discussed. If someone is

not listed on the account as an AAC (such as a spouse or child of an elderly customer),

the employee may use the “Authorized Account Contacts” form to add this person to the

account as an AAC only with the approval of the current AAC.

Note: Payments may be received from non-AACs, as long as the employee does not

provide CPNI information to them. (For example, the employee may not providespecifics about the call detail records or dollar amounts of an invoice, however if the

person knows the dollar amount or wants to make the payment by placing so much

money on the account then that is acceptable). Also, if the customer can provide detailsof a call, those provided details can be discussed but additional information can not be

provided.

Important Note: Any time that a customer requests access to information contained in

call detail records (such as the called number, length of call, etc.), a password is

required (or if a password is not supplied the other three methods discussed previously

that are approved by the FCC of calling back the number of record, mailing to the

address of record, or customer providing valid photo ID may be utilized). Employees are forbidden from supplying call detail record information to anyone without the

account password, even if Caller ID indicates that the customer is calling from the

telephone number of record. However, other information, such as discussing calling

feature purchases, etc., may be disclosed without a password, but only after the

customer has been authenticated.


19/58

Section7-Authentication MS.doc Page 1 of 1 Released: September 4, 2015



CPNI MANUAL

Customer Authentication Procedures

Customer Authentication

For employees to authenticate an authorized account contact (AAC), the employee should politely explain that the Federal Communications Commission (FCC) now requires

authentication in order to protect their privacy before discussing account information.

Then, explain that you could do this by asking a few questions to verify the customer’s

identity. Example questions to authenticate a customer include:

How long have you had your account with us?

What are the features and services you receive from us? Are there any other names listed on the account?

What is your average month bill amount?

Note: The employee could also call back the telephone number of record; however

they must still verify this is the AAC they are talking with. For example if only the

husband is the AAC, and a woman answers or is the one calling for authentication the

employee should not discuss the CPNI with her but offer to establish the spouse as an

AAC once approved by the current AAC.


20/58

Section8-Passwords MS.doc Page 1 of 2 Released: September 4, 2015



CPNI MANUAL

Password Protection Procedures

Establishing a Password

New Customers

MCCLURE SERVICES LLC (Company) requires new customers to establish a password at the time of service initiation because the customer can be easily

authenticated at that time by showing government issued identification.

Existing Customers

Company will initially send a mass mailing to its authorized account customers(AAC) in order to inform the AAC of the new password requirement for therelease of CPNI information and to allow the customers to fill out the “PasswordSet Up” form and return it to the Company.

If existing AACs do not set up a password at the time of the initial mailing, but

later decide to establish one by either calling into the Company or stopping intothe Company office, employees must first authenticate the customer without

the use of readily available biographical information or account information. (See

authentication procedures in previous Section 7.)

Password Set Up

Customers must provide responses to the “Password Set Up” form, which

includes the actual password as well a couple security question answers in casethe password is forgotten.

Use of Password

When a customer calls or stops in and requests call detail information, employees should politely explain to the customer that the FCC requires the customer to provide the

account password before this information may be disclosed. If the customer is unable to

provide the password, the employee should ask the account security questions to the

customer and if answered correctly, may then provide the requested call detail recordinformation and establish a new password.

If the customer is unable to provide the password and does not answer the two selectedsecurity questions correctly, or if the customer refuses to set up a password, the employee


21/58

Section8-Passwords MS.doc Page 2 of 2 Released: September 4, 2015


should explain the following options and may share the call detail records by only the

three following methods:

1. calling the customer back at the telephone number of record;

2. mailing or emailing the information to the address of record (address must be

on company file for at least 30 days); or3. authenticating the customer’s identity in person with a valid government-

issued photo identification.


22/58

Section9-OnlineAccess MS.doc Page 1 of 1 Released: September 4, 2015



CPNI MANUAL

On-line Account Access Requirements

On-line Account Access

Because the Company is responsible to ensure the security and privacy of online account

access, the Company must appropriately authenticate both new and existing customersseeking access to account information online. Therefore, the FCC requires the use of

passwords for on-line account review and billing access.

If a password is already in place, it is not required to establish a new password at this

time, unless it is based solely on readily available biographical information oraccount information. For new customers, a carrier should request that a customerestablish an on-line password at the time of service initiation, which again can not be based on readily available biographical information or account information.

Note: The FCC expects carriers to block access to the customer’s account if repeatedunsuccessful attempts are made when trying to log in.


23/58

Section10-Notifications MS.doc Page 1 of 1 Released: September 4, 2015



CPNI MANUAL

Account Change/Activity Notification Procedures

The FCC requires the Company to notify customers immediately of certain account

changes, including:

Password created

Password changed

Customer response to security questions were utilized

Online account password created

Online account password changed

Online account authentication response

Physical address of record changed

Email address of record changed

Authorized customer was added to the account

Company is also required to notify customer of a security breach within seven days after

the law enforcement has been notified (or longer only if law enforcement requests

additional time) as described in Section 12, Reporting Procedures.


24/58

Section11-BusinessExempt MS.doc Page 1 of 1 Released: September 4, 2015



CPNI MANUAL

Business Customer Exemption

Some business customer accounts contain privately negotiated proprietary information

safeguards, as established in an account contract. Therefore, if our contract with a business customer is serviced by a dedicated account representative as the primary

contact, and specifically addresses MCCLURE SERVICES LLC’s protection of the

business customer’s CPNI, the authentication rules do not have to be followed for that particular business customer. However, the remainder of the CPNI rules still needs to be

followed.


25/58

Section12-Reporting MS.doc Page 1 of 1 Released: September 4, 2015



CPNI MANUAL

CPNI Violation and Breach Reporting Procedures

Law Enforcement Notification

MCCLURE SERVICES LLC (MCCLURE) must notify law enforcement of a breach ofits customers’ CPNI no later than seven business days after a reasonable determination

of a breach, by sending electronic notification through a central reporting facility to the

United States Secret Service (USSS) and the Federal Bureau of Investigation (FBI). TheFCC Enforcement Bureau will maintain a link to the reporting facility at

www.fcc.gov/eb/CPNI.

Customer Notification

Then, MCCLURE must notify the customer and/or disclose the breach publicly afterseven business days following notification to the USSS and the FBI, if the USSS and the

FBI have not requested that MCCLURE continue to postpone disclosure. However,

MCCLURE may notify the customer immediately or publicly disclose the breachimmediately after consultation with the relevant investigative agency, if MCCLURE

believes that there is an extraordinarily urgent need to notify a customer or class of

customers in order to avoid immediate and irreparable harm.

Maintenance of Records

Additionally, MCCLURE must maintain a record of any discovered breaches,

notifications to the USSS and the FBI regarding those breaches, and the USSS and FBIresponses to the notifications for a period of at least two years. This record must include,

if available, the date the breach was discovered, the date that MCCLURE notified the

USSS and the FBI, the date that MCCLURE notified the customer, a detailed descriptionof the CPNI that was breached, and the circumstances of the breach (including steps

taken by MCCLURE to prevent the breach, how the breach occurred, and the impact of

the breach).

Cooperation with Law Enforcement

MCCLURE employees must fully cooperate in any law enforcement investigation of

such unauthorized release of CPNI or attempted unauthorized access to an account,

consistent with statutory and FCC requirements.

Note: For carriers with breaches, the FCC can still issue forfeitures against them even if

all the CPNI rules are proven to have been met. It is important for our company to go

above and beyond all FCC CPNI protection rules, displaying our commitment to

protecting our customers CPNI.


26/58

Section13-Opt-In Opt-Out MS.doc Page 1 of 2 Released: September 4, 2015



CPNI MANUAL

Opt-In and Opt-Out Requirements

Opting Background

A significant change was made by the FCC in its First Report & Order dated April 2, 2007, to the prior CPNI opt-out rule. Previously, carriers were to send an opt-out form to the customersinforming them that their CPNI would be shared with joint venture or independent contractors formarketing communications-related services. If they signed an “opt-out” form, the carrier couldnot share that particular customer’s information with any other parties. With the new rules, the

old “opt-out” rule has been eliminated for sharing CPNI with a joint venture or third party. Now,the customer must specifically “opt-in” or consent to sharing their CPNI with a third party formarketing use.

Under the new rules, carriers can market enhancements to services the customer already has based on CPNI without customer consent. For example, if a customer subscribes to local service,the carrier does not need customer approval to use the CPNI to sell calling features for that local

service such as call waiting. However, for services outside the existing scope of business thecarrier must have customer permission to market the additional services and products based upon

CPNI whether in-house (subject to opt-out approval requirements) or to a third party (subject toopt-in approval requirements). For example, if the customer has only local service with thecarrier and no long distance, the long distance service promotions can not be shared with that

customer without the customer’s permission. If the customer chooses to sign and return an “opt-out” form, the carrier will not be able to use the customer’s CPNI to market any services outside

the existing scope of service with the carrier, unless the customer initiates a request to discuss a particular service. The carrier also may not share the customer’s CPNI with any affiliates tomarket services outside their existing services with the customer if an opt-out form as been

returned to the carrier, unless one-time approval has been given. Customers must be notified oftheir right to “opt-out” of marketing endeavors for services and products outside the existingrelationship.

Opting Methods

There are two methods of opting approval:

1) Opt-Out – Notice stating the carrier considers the customer to have given approval of CPNIuse for marketing unless the customer informs the company otherwise

2) Opt-In – Notice requesting that the customer give permission to the company to use CPNIfor marketing

These approval methods must be utilized and followed before CPNI is shared either internally or

externally for marketing purposes. Company must track the opting notices, keep the signednotices on file, and notate status in the company billing records. The company should not sendexcessive notices to their customers in any fashion that could be considered badgering or

harassment.

Reminder: Names, addresses, and phone numbers are not considered CPNI. Companies maymarket to all customers based on non-CPNI. Be sure the non-CPNI marketing campaign is


27/58

Section13-Opt-In Opt-Out MS.doc Page 2 of 2 Released: September 4, 2015


approved by the CPNI Compliance Officer, as all marketing should be, and goes to eachcustomer selected by the chosen criteria.

Note: Company should give at least 30 days notice of opt-out opportunity to the customer before

utilizing the CPNI for marketing.


28/58

Section14-FAQs-Revised 09 03 15 MS.docPage 1 of 6 Released: September 4, 2015



CPNI MANUAL

CPNI Frequently Asked Questions

What is Customer Proprietary Network Information?

In general terms, CPNI is personal information contained in customer records. From atelecommunication carrier’s standpoint, CPNI is most of the information collected by the

carrier for service provisioning and billing purposes. CPNI includes call detail

information, including calling numbers, called numbers, length of call, etc. Because ofthe public nature of customer names, addresses, and phone numbers, these items are not

considered to be CPNI.

When are the New CPNI Rules Effective?

CPNI rules are already in effect and have been around for many years. However,

compliance with the updated FCC rules (from the Federal Communications Commission

Report and Order and Further Notice of Proposed Rulemaking issued on April 2, 2007)

was required six months after the “effective date” of the Order or upon approval by theOffice of Management and Budget (OMB), whichever was later. The Report & Order

was published in the Federal Register on June 8, 2007, so the updated CPNI rules became

effective on December 8, 2007 (six months from this date). However, small carriers(defined as a “small entity” as discussed below) had an additional six months to comply

with the online password protection requirements.

Regarding the new online access CPNI rules, our company meets the definition of “small

entity” or a “small business concern” under the Regulatory Flexibility Act for Small

Business and therefore was eligible for an additional six month extension on these

particular rules. Therefore, the effective date was June 8, 2008.

Who Needs to Comply with CPNI Rules?

The CPNI rules apply to Telecommunications Carriers (all voice service entities), as

defined by the Communications Act of 1934, as amended, and including interconnectedVoice Over Internet Protocol (VoIP) providers. Therefore, the definition of

telecommunications carriers would include local exchange carriers (incumbent and

competitive), long distance carriers (or interexchange carriers), mobile (or cellular)

carriers, and VoIP providers.

Are passwords required for the use or release of all types of CPNI? No, passwords are only required by the FCC for call detail CPNI; however, companies

may implement password protection on all CPNI in order to keep consistency for the

employees and customers. To release non call detail information, carriers are still subjectto Section 222 of the Telecom Act and therefore, must authenticate the customer prior to


29/58



disclosing non call detail CPNI. (The FCC is still reviewing comments regarding

whether passwords should also be required for certain non-call detail CPNI.)

What is “readily available biographical information”?

Readily available biographical information includes such things as the customer’s social

security number, or the last four digits of that number, the customer’s mother’s maiden

name; a home address, or a date of birth.

Per the FCC, when are passwords required?

A password is required in order to release call detail CPNI information. However the

company can choose whether to tighten this requirement to non-call detail CPNI as well.The FCC is still reviewing comments on whether to require a password on certain non

call detail CPNI as well, but to date passwords are required by the FCC only for call

detail information that is not provided by the customer.

What is “call detail”?

Call detail includes any information that pertains to the transmission of specific telephonecalls including, for outbound calls, the number called and the time, location, or duration

of any call. For inbound calls, call detail includes the number from which the call was placed, as well as the time, location, or duration of any call.

Are there any other ways to release call detail CPNI if a customer does not

remember his/her password or does not desire to set one up?

Yes. An employee may release call detail CPNI without a password by only one of the

following three methods:

1.

Call the customer back at the telephone number of record;2. Mail or email the CPNI information to the address of record; or

3. Confirm the customer’s identity in person with a valid photo ID.

What is a “valid photo ID”?

A valid photo ID is a government-issued personal identification with a photograph, such

as a current driver’s license, passport, or comparable identification.

What is meant by “telephone number of record”?

The telephone number of record is the telephone number associated with the underlying

service, rather than some other telephone number supplied as a customer’s “contactinformation”.


30/58



What is meant by “address of record”?

The address of record is the address, whether postal or electronic, that the carrier hasassociated with the customer’s account for at least 30 days. Requiring that the address be

on file for 30 days will foreclose a pretexter’s ability to change an address of record for

the purpose of being sent call detail information immediately.

What are examples of CPNI that is non call detail information?

Some examples of CPNI that is non call detail would be remaining minutes of use on a

calling plan, account features, or dollar amounts billed.

May an employee rely on Caller ID as an authentication method?

No. Pretexters could easily replicate Caller ID numbers. The caller ID information is not

an authorized method of authentication.

What is “account information”?

Account information is the information related to a customer’s account, which includessuch things as account number or any component thereof, including the telephone

number associated with the account or the amount of the last bill.

How long do I have to report a CPNI breach to law enforcement?

The Company must report a CPNI breach within seven days to law enforcement.

How shall law enforcement be notified of a breach of CPNI?

The FCC Enforcement Bureau will maintain a link to the reporting facility at

www.fcc.gov/eb/CPNI.

How long do I have to report a CPNI breach to our customer?

The Company must report a CPNI breach to the customer seven days after it was

reported to law enforcement for investigation. If law enforcement requests a longer time

period before notifying a customer, the Company must abide but keep notes of suchrequest.

May I share CPNI with a spouse, child, or parent of the authorized account

customer?

Not unless that person is already listed as an Authorized Account Contact for that

particular account. CPNI may only be shared with the Authorized Account Contact.

May I share CPNI information with a person who provides the correct account

password, but is clearly not an Authorized Account Contact?

No. CPNI may only be shared with the Authorized Account Contact.


31/58



If a security question is utilized for a forgotten password, what must be done?

The FCC requires that the Company send notification to the address of record (bestchoice) or leave a voice message or send a text message to the phone number of record

notifying the customer that security questions were utilized to gain account access. A

new account password will also need to be set-up.

What is meant by a customer response to a carrier-designed security means of

authentication”?

A customer response to a carrier-designed security means of authentication is the

customer’s pre-selected answer to the carrier’s security authentication method in theevent that the customer lost or forgot his/her password.

If a customer calls with a question about a long distance call and wants to discuss

call detail information relating to that call, how should the employee handle the

call?

The employee should politely explain that the FCC requires our company to use a password to access the customer’s call records in order to protect the customer’s privacyand to prevent others from accessing the customer’s private account information. If the

customer then provides the password, the employee may begin discussion regarding the

call detail information. If the customer cannot provide the password, the employee maythen ask the customer to answer a security question. If the customer provides the correct

answer to the security question, the employee may then begin discussion regarding the

call detail information. (The employee may try another security question if the first

security question is not answered correctly.) If the customer has not previously set up a password and security questions, then the employee should offer to assist the customer in

setting up a password by authenticating the customer (i.e., calling the customer back at

the telephone number of record, asking for answers to non-biographical or non-accountinformation questions, etc.) and then assisting them in setting up the password and

security questions. (Please see Sections 7-8 of the CPNI manual.) Note: If the customer

supplies the details of the call, those particular details may be discussed without a password.

If the customer refuses to establish a password in the above scenario, what should

be done?

The employee should politely explain that the customer has the following three

alternatives in order to access the call detail information:

1. Company will call the customer back at the telephone number of record;

2.

Company will mail the information to the address of record (postal orelectronic, but the address must be in the Company files for at least 30 days);

or

3. Customer may stop into the office and show a valid government-issued photoID.


32/58



What if a customer calls asking about calling features on the monthly bill?

Because this request is not for call detail information, which would require a password,

the employee should politely authenticate the customer by confirming that the person isan Authorized Account Contact, by asking a few of the following suggested questions:

How long have you had your account with us?

What are the features you receive from us? What are the services you receive from us?

Are there any other names listed on the account?

What is your average monthly bill amount?

How may our company use CPNI without prior customer approval?

A carrier may use CPNI without prior customer permission to market services within an

existing customer relationship, to perform mass marketing (such as bill inserts, directmail, newsletters), to provision products and services, for installation and repair services,

to comply with law enforcement, and to establish directory listings.

May our company distribute CPNI to a third party, joint-venture partner, or

independent contractor without the customer’s express permission?

No. This type of CPNI use would be subject to Opt-In Approval by the customer. All

customers must give permission before their CPNI can be released to a third party, joint-venture partner or independent contractor.

What does “Opt-In” approval” mean?

Opt-in approval means that the customer must give notice to the Company that they give permission for their CPNI to be shared with joint-venture partners, independent

contractors, and/or third parties.

A customer has left our company and has gone to the competition for certain

services. May we use this customer’s CPNI to promote a “win-back” campaign for

these particular services?

No, the customer’s CPNI can not be used in this way, unless your company has sent an

Opt-Out Notification to the customer and the customer did not return a signed Opt-Outform. However, mass marketing may be used to entice this type of customer back.

Some of our local exchange service customers do not currently have our affiliate’s

long distance service, may we share these customers’ CPNI with our long distance

affiliate to promote a targeted marketing campaign for the long distance serviceand/or bundling of services?

Yes, except to any customers that have returned signed Opt-Out forms.


33/58



A customer called in with a question regarding his local service, may we promote

our affiliate’s DSL service without asking his permission?

Yes, except to any customers that have returned signed Opt-Out forms.

If a customer signs an “opt-out”, what does this mean?

This means that employees may not discuss any service with that customer, except the

particular ones requested by the customer, or within the customer’s existing scope ofservices with the carrier.

How can my company market services or products without utilizing the Opt-Out

and Opt-In Forms?

Mass marketing (based on addresses and/or phone numbers of all customers, or based on

phone numbers and/or addresses contained in public sources for a specific exchange or

zip code) may be used to promote services or products as you would not be using CPNI

for this type of marketing. Also, employees asking permission of the customer to discuss products and services would be another way.

Our affiliate just rolled out DSL service in one of our exchanges. May we share

CPNI with the affiliate to market this service to those customers without marketing

to our remaining customers?

Yes, to the customers that have not returned a signed Opt-Out form or if you base the

marketing on public information such as, name, address, and phone number (which arenot considered to be CPNI) for a particular zip code or phone exchange.

What is an existing customer relationship?

An existing customer relationship is based on the following categories of service:

Local voice and all related services

Long distance and all related services

Internet and all related services

Wireless phone and all related services

Bundles and all related services

See Up-Selling Opportunities in section 15 to help assist in determining the related

services.

.

Note: CATV CPNI is protected under a separate set of rules, US Code Title 47,Chapter 5, Subchapter V-A, Part IV, Section 551.


34/58

Section15-MarketingOpportunities MS.docPage 1 of 2 Released: September 4, 2015



CPNI MANUAL

Marketing Opportunities Within Service Categories

In Order to Comply With CPNI Rules

(If Your Company Does Not Utilize the Opt-Out / Opt-In

Methods of Gaining Customer Approval to Use CPNI)

Marketing without prior customer approval may only be done when there is an existingcustomer relationship. An existing customer relationship means that the customer

already has ordered a particular service or has initiated contact with the company to

discuss a particular service. Note: All employees, especially Customer Service

Representatives, installation and repair technicians, receptionists and any otherfront desk and phone employees, need to be aware of the rules regarding what they

may discuss with a customer in order to market more services.

An existing customer relationship may include the following categories of service:

Local voice and all related services

o Customer Premises Equipment, such as telephones, fax machine,

head phones, etc.

o Second phone line

o Calling Features, such as Caller ID and Voicemail, etc.

o Key Systems

Long distance and all related services

o Alternative long distance plans

o Bundles of long distance minutes, including increase in minutes

plan or unlimited plan

Internet and all related services

o Customer Premises Equipment, such as modems and routers

o Mailboxes

o Virus Protection

o Static IP Addresses

o

Spam Filtering

o Web Storage

o Upgrade from dial-up Internet to high-speed DSL

o Upgrade from lower bandwidth DSL to higher bandwidth DSL

o Wireless broadband


35/58

Section15-MarketingOpportunities MS.docPage 2 of 2 Released: September 4, 2015


Bundles and all related services

o If customer currently has a voice and long distance bundle , those

are the only services (along with all the related services, such as

upgrades within that bundle) that can be discussed without the

employee’s approval to discuss other services.

o If customer currently has a voice and data bundle , those are the

only services (along with all the related services, such as upgrades

within that bundle) that can be discussed without the employee’s

approval to discuss other services.

o If customer currently has a voice and video bundle , those are the

only services (along with all the related services, such as upgrades

within that bundle) that can be discussed without the employee’sapproval to discuss other services.

o If customer currently has a voice, data, and video bundle , those




o

If customer currently has a voice, data, and wireless bundle , those




Note: CATV CPNI is protected under a separate set of rules, US Code Title 47,

Chapter 5, Subchapter V-A, Part IV, Section 551.


36/58

Section16.1-SampleCustomerMemo MS.doc Page 1 of 2 Released: September 4, 2015

TO: MCCLURE SERVICES LLC Customer

FROM: Mary Claire CartwrightCPNI Compliance Officer, MCCLURE SERVICES LLC (MCCLURE)

DATE: September 4, 2015

RE: Customer Notice Regarding CPNI Compliance

In order to help protect your privacy regarding customer proprietary network information (CPNI), the

Federal Communications Commission (FCC) has taken measures to strengthen the rules ofproviding CPNI to customers, when requested. MCCLURE is in the process of implementing thesenew FCC rules. In order for our company to be in compliance with the new FCC rules for CPNI, wewant to inform you, our valued customer, of the changes that pertain to you. CPNI includes the calldetail information such as the called number, time of call, length of call, etc.

With the new FCC rule revisions, CPNI will only be able to discuss account information with theperson(s) listed on the account or proven power of attorney. If call detail is requested by a customerover the phone and the call is initiated by the customer, that customer will need to provide apreviously set password in order for our customer service representative (CSR) to supply therequested information on the phone call. The password can not be historical background informationthat would be available to someone else, such as the last four digits of your social security number,

mother’s maiden name, your address, etc. If this password is not supplied and back-up questionscan not be answered, there are only three ways for the customer to obtain this requested detail:

1. Hang up and have the CSR call back the telephone number of record2. Have the CSR mail the requested information to the address of record3. The authorized customer on the account must come to the telephone office and show a valid

government issued photo ID

With these rules, if you would like to add someone to the account that can be authorized to makesuch requests please let us know. Otherwise, only the person(s) listed on the account will be able toobtain such call detail information in the manner addressed above and be able to discuss changes tothe account or certain account details. If a customer initiates a call to MCCLURE for account

changes that are non-call detail CPNI such as questions on your bill, the customer will be asked toauthenticate their self or possibly need to supply the password, depending on the FCC final ruling. Inorder to assist in adding an authorized person(s) to your account such as a spouse or dependent,please complete the attached form and return to the telephone office.

We apologize in advance for any inconvenience this may cause, however the new rules are for theprotection of your privacy in order to ensure that no one other than the authorized person is receivingthe requested detail and making account changes. Our service to you is not changing as yourprivacy has always been important to us; we are only tightening our security of protecting yourprivate information, as mandated by the FCC.

MEMO

Print on

Company

Letterhead


37/58

Section16.1-SampleCustomerMemo MS.doc Page 2 of 2 Released: September 4, 2015

Along with the authorized person form, we have included a section to complete in order to begin theprocess of setting up your password and back-up questions. Please complete this form andreturn to our telephone office at your earliest convenience.

Due to the FCC rule revisions, you will also receive a “Notice of Change/Activity” form at the addressof record from our office anytime changes are made to your account such as an address change,password change, back-up question used for lost or forgotten password, etc. The notice will informyou of such change or activity and if this was not made by an authorized person, please contact ouroffice immediately.

Occasionally, MCCLURE would like to make you aware of additional products or services availablefrom us outside our current service relationship. For example, if you have our local exchange voiceservice, you may be interested in our long distance packages. However, per the new FCC rules onCPNI, you have the option of signing the attached “Opt-Out” form in order to exclude yourself fromsuch internal marketing services. We never sell your private information to outside entities; howeverwe would like the opportunity to continue to make you aware of additional products and serviceavailable to you that you currently may not know about. By completing the attached “Opt-Out” form,we will exclude you from such internal marketing opportunities based upon your specific accountinformation. If you wish to be excluded, please complete the attached “Opt-Out” form and return toour office. Otherwise if you would like to continue hearing about our products and service that maybe of interest to you based upon your current account status, please disregard this “Opt-Out” form.

Thank you in advance for your assistance in completing the necessary forms attached and returningto our office in order to help us comply with the new FCC rules for your CPNI protection. The newprocedures will help ensure your private information is protected. If you have any questionsregarding our new procedures for CPNI compliance, please contact me at (765) 588-1388

Enclosures (3)


38/58

Section16.2-16.6 CPNI SAMPLE Forms MS.xls, Input Released: October 15, 2007


Input Form

Current Authori zed Ac count Contacts for (phone number): (800)

Contact:

Contact:

Phone Company Information: McClure Services LLC

Kurz Purdue Technology Center

1281 Win Hentschel B lvd.

West Lafayette, IN 47906

CPNI Compliance Officer

ABC Telephone Company

(800)

123-4567

Jack Doe

123-4567

Phone Number

John Doe

Jill Doe


39/58Section16.2-16.6 CPNI SAMPLE Forms MS.xls, Authorized Acct Contacts Released: October 15, 2007


Authorized Account Contacts

Current Authorized Account Contacts for (phone number): (800)

Contact:

Contact:

No, at this time I do not want to add any additional authorized contacts to my account.

Yes, at this time I would like to add the following people as authorized contacts for my account.

Email Address*:

Authorized By:

Date:

Please use the enclosed envelope to return the completed form to our office at:

McClure Services LLCKurz Purdue Technology Center

1281 Win Hentschel Blvd.


For questions regarding this form or the new CPNI company policies, please contact:



(800)

123-4567

John Doe

Jill Doe

(Signature of authorized contact currently listed on the account)

123-4567

Phone Number

Jack Doe

*The FCC does allow call detail CPNI to be sent to an email account of record.However, this email address mus t be in the company files for at least 30 days

before CPNI can be sent to it. If you would like our company to have an "email

address of record" in our fi les, please provide the address.

Per the FCC rules regarding Customer Proprietary Network Information (CPNI)as described in the attached notice, this form needs to be completed andreturned to our office.

The current authorized account contacts are l isted below. Please mark whether you wou ld or wou ld not l ike to add another contac t to the account at this t ime. If you do add another contact, please provide their name(s) in the l ines below.

Reminder: Due to the CPNI FCC rules, we can only discuss certain accountinformation and call detail with such authorized contacts.


40/58Section16.2-16.6 CPNI SAMPLE Forms MS.xls, Password Set Up Released: October 15, 2007


Password Set Up

Current Authorized Account Contacts for (phone number): (800)

Contact:

Contact:

Author ized Cust omer Chosen Password*:

(Between 5-10 characters in length - Alpha, Numeric, or Alpha/Numeric Mixed - no spaces or symbols all

Security Questions & Answers:

1. What was your first childhood pet's name?

2. Where were were born?

3. What is your favorite color?

4. As a child, what was your dream job?

5. What brand of shampoo do you use?

Authorized By:

Date:

Please use the enclosed envelope to return the completed form to our office at:


Kurz Purdue Technology Center

1281 Win Hentschel Blvd .


For questions regarding this form or the new CPNI company policies, please contact:



(800)


(You can use city and state, just state, just city, state abbreviation, zip code, city nick name,

etc. Just remember they way you have chosen to answer this.)

Jack Doe

123-4567

Phone Number

123-4567

John Doe

Jill Doe

*This password can not be historical information such as based on your social security number,

address, etc. The FCC is trying to minimi ze the possib ility of false identification for suppl ying call detail,

therefore do not use anything th at someone else would be able to access.

Per the new FCC rules regarding Customer Proprietary Network Information (CPNI) as described in theattached notice, this form needs to be completed and returned to our off ice.

Reminder : Due to the new CPNI FCC rules, i f you request cal l detai l informat ion you must supply thispassword before the informat ion can be disclosed. If you do not remember the password, the securi tyquestions below wil l be used for ver if icat ion and a new password wi ll be established. If a password cannot be suppl ied for cal l detai l i nformat ion, there are only a few ways mandated by the FCC in order toobtain the information.

(1) Have the telephone representat ive cal l you back, but only at the telephone number of record

(2) Have the telephone representat ive mai l you the requested cal l detai l informat ion, but only to theaddress of record

(3) You, the au thor ized accoun t cus tomer , mus t come to the telephone o ff ice and show your val idgovernment issued photo ID

One Form must be completed per account, therefore if there are more than one authorized customers ontheaccount this password wil l be for all authorized customers.

Chose two security questions and fill in the answer. This will be used to verify you as the authorizedcustomer if the password can not be remember. The telephone representative will ask you the chosenquestions and wait for the proper answer (that you complete below) before the password is re-established.


41/58Section16.2-16.6 CPNI SAMPLE Forms MS.xls, Opt-In Released: October 15, 2007


Opt-In Notice

Please call our office if you have any questions on this notice:



(800)

OPT-IN CONSENT

Return this portion if you chose to opt-in of notification of MCCLURE SERVICES LLC

external marketing of services and products.

I have read the above notice and would like to Opt-In by granting permission to MCCLURE SERVICES LLC

for sharing my account information with joint-venture partners, independent contractors, and/or third partiesfor the purpose of marketing.

Author ized Customer :

Street/Billing Address:

City, State, Zip Code:

Account Telephone Number: (800)

Authorized By:

Date:

As in the past and continuing into the future, our company respects your privacy and abides by the privacy rules

mandated by the Federal Communications Commission, state commission, and any other oversight telecom

agencies.

For the purpose of marketing additional products and services to you, we are requesting permission to share your

account and call information with our joint-venture partners, independent contractors, and/or other third parties. This

information will be used for marketing purposes only to better serve you with additional products and services that

may be of interest to you based upon your usage and features.

We would like the opportunity to continue to better serve you by notifying you of our additional products and services,

however you must opt-in in order to receive information regarding our additional products and services. If you agree

to this, please sign and return the portion below.

Jack Doe

123-4567

Phone Number

John Doe

123-4567



42/58Section16.2-16.6 CPNI SAMPLE Forms MS.xls, Opt-Out Released: October 15, 2007


Opt-Out Notice

Please call our office if you have any questions on this notice:



(800) November 1, 2007

OPT-OUT NOTIFICATION

Return this portion if you chose to opt-out of notification of MCCLURE SERVICES LLC

internal targeted marketing of services and products that are outside of your existing service scope.

I have read this notice and would like to Opt-Out of the CPNI based marketing of products and services

that are outside of my existing scope of service offered by MCCLURE SERVICES LLC.

Authorized Customer:

Street/Billing Address:

City, State, Zip Code:

Account Telephone Number: (800)

Authorized By :

Date:

Phone Number

John Doe

As in the past and continuing into the future, our company respects your privacy and abides by the privacy

rules mandated by the Federal Communications Commission, state commission, and any other oversight

telecom agencies. We never sell your private account information or provide call detail information of your

telephone calls to outside entities for marketing purposes. The protection of your information is important

to us and our Company acknowledges that you have a right, and we have a duty, under federal law, to

protect the confidentiality of your CPNI.

Sometimes we would like to make you aware of additional products or services available from us and our

affiliates (Identify by name) outside the existing business relationship. For example, if you have our local

exchange voice service, you may be interest in our long distance packages. However, per the FCC new

rules on Customer Proprietary Network Information (CPNI), you have the option of being excluded from

such targeted marketing services by signing and returning the opt-out notification below. CPNI is

information created by virtue of the relationship between a carrier and a customer, including the quantity,

technical configuration, type, destination, location, and amount of use of a customer's telecommunications

services purchased (including specific calls a customer makes and receives) and related local and toll

billing information. It does not include published information such as one's name, address, or telephone

number.

We would like the opportunity to continue to better serve you by notifying you of our additional products

and services, however you have the right to opt-out of hearing about these products and services. If you

would like to continue being notified about the products and services based upon your current services

with us then please do nothing further. However, if you would like to "opt-out" the signed and returned

signature card will not allow us to inform you of the products and services outside of your existing scope of

service with us based upon the use of your CPNI.

Jack Doe

Unless you provide us with notice that you wish to opt-out within 33 days of the date of this notice, we will

assume that you give our Company the right to utilize your CPNI for internal marketing campaigns. Please

be advised that if you do not opt out, your consent will remain valid until we receive your notice withdrawing

it. If you wish to withdraw your consent at any time, you may do so by calling us at 1-800-XXX-XXXX.

Furthermore, note that opting out will not affect the status of the services you currently have with our

Company. In addition, we can disclose your CPNI to comply with any laws, court order or subpoena or to

provide services to you, pursuant to your C

McClure CPNI Manual.pdf

Documents

Transcript of McClure CPNI Manual.pdf